/****************************************************************************
This file is part of Proactive Investigator Analytics.

Proactive Investigator Analytics is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Proactive Investigator Analytics is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with Proactive Investigator Analytics.  If not, see <http://www.gnu.org/licenses/>.

This script creates the McAfee event table and the view over it.

****************************************************************************/

USE [RiskSecurityDW];
GO

-- Landing table for McAfee ePO events in the RiskSecurityDW warehouse.
--
-- Every column is nullable and no primary key, unique constraint, or index is
-- declared here, so nothing in this script prevents duplicate or partially
-- populated event rows. Any de-duplication or completeness check has to be
-- done by the loader or by the queries that read this table.
CREATE TABLE [dbo].[McAfeeEPOEvents]
(
    -- Event identifiers.
    [AutoID]                  int              NULL,
    [AutoGUID]                uniqueidentifier NULL,
    [ServerID]                nvarchar(16)     NULL,

    -- Event times. The names indicate UTC, but datetime carries no time-zone
    -- information and nothing here enforces it -- confirm with the loader
    -- before correlating against other log sources.
    [ReceivedUTC]             datetime         NULL,
    [DetectedUTC]             datetime         NULL,

    [AgentGUID]               uniqueidentifier NULL,

    -- Analyzer* columns.
    -- NOTE(review): presumably the product/host that raised the event -- confirm.
    [Analyzer]                nvarchar(16)     NULL,
    [AnalyzerName]            nvarchar(64)     NULL,
    [AnalyzerVersion]         nvarchar(20)     NULL,
    [AnalyzerHostName]        nvarchar(128)    NULL,
    -- IPv4 addresses in this table are stored as int, not dotted text. How the
    -- address is packed into the int (signedness, byte order, offset) is not
    -- defined in this script; confirm it before converting for display or joins.
    [AnalyzerIPV4]            int              NULL,
    [AnalyzerIPV6]            binary(16)       NULL,
    [AnalyzerMAC]             nvarchar(16)     NULL,
    [AnalyzerDATVersion]      nvarchar(20)     NULL,
    [AnalyzerEngineVersion]   nvarchar(20)     NULL,
    [AnalyzerDetectionMethod] nvarchar(128)    NULL,

    -- Source* columns: host, address, account, process and URL on the source side.
    [SourceHostName]          nvarchar(266)    NULL,
    [SourceIPV4]              int              NULL,
    [SourceIPV6]              binary(16)       NULL,
    [SourceMAC]               nvarchar(16)     NULL,
    [SourceUserName]          nvarchar(128)    NULL,
    [SourceProcessName]       nvarchar(128)    NULL,
    [SourceURL]               nvarchar(1024)   NULL,

    -- Target* columns: host, address, account, port/protocol, process and file
    -- on the target side.
    [TargetHostName]          nvarchar(266)    NULL,
    [TargetIPV4]              int              NULL,
    [TargetIPV6]              binary(16)       NULL,
    [TargetMAC]               nvarchar(16)     NULL,
    [TargetUserName]          nvarchar(128)    NULL,
    [TargetPort]              int              NULL,
    [TargetProtocol]          nvarchar(16)     NULL,
    [TargetProcessName]       nvarchar(128)    NULL,
    [TargetFileName]          nvarchar(266)    NULL,

    -- Threat* columns: classification of the detection and the action recorded for it.
    [ThreatCategory]          nvarchar(128)    NULL,
    [ThreatEventID]           int              NULL,
    [ThreatSeverity]          tinyint          NULL,
    [ThreatName]              nvarchar(128)    NULL,
    [ThreatType]              nvarchar(32)     NULL,
    [ThreatActionTaken]       nvarchar(24)     NULL,
    [ThreatHandled]           bit              NULL,

    -- NOTE(review): binary(8) is the size of a rowversion value; presumably a
    -- copy of the source row's version stamp rather than a time -- confirm.
    [TheTimestamp]            binary(8)        NULL
)
ON [RSDW];  -- placed on the RSDW filegroup

GO

USE [RiskSecurityDW];
GO

-- View [dbo].[Mcafee] (originally scripted 06/16/2011 15:00:14).
SET ANSI_NULLS ON;
GO

SET QUOTED_IDENTIFIER ON;
GO

-- Read-only projection of [dbo].[McAfeeEPOEvents] for analysts.
-- It exposes every column of the base table except AutoGUID and AgentGUID.
--
-- The NOLOCK hint makes every query through this view read without shared
-- locks (READ UNCOMMITTED behaviour). While the table is being loaded, a query
-- can therefore return rows that are later rolled back, and can miss or
-- double-read rows. Counts and timelines that will be relied on in an
-- investigation should be re-run when no load is in progress, or taken from
-- the base table under a stricter isolation level.
CREATE VIEW [dbo].[Mcafee]
AS
SELECT
    ev.[AutoID],
    ev.[ServerID],
    ev.[ReceivedUTC],
    ev.[DetectedUTC],
    ev.[Analyzer],
    ev.[AnalyzerName],
    ev.[AnalyzerVersion],
    ev.[AnalyzerHostName],
    ev.[AnalyzerIPV4],
    ev.[AnalyzerIPV6],
    ev.[AnalyzerMAC],
    ev.[AnalyzerDATVersion],
    ev.[AnalyzerEngineVersion],
    ev.[AnalyzerDetectionMethod],
    ev.[SourceHostName],
    ev.[SourceIPV4],
    ev.[SourceIPV6],
    ev.[SourceMAC],
    ev.[SourceUserName],
    ev.[SourceProcessName],
    ev.[SourceURL],
    ev.[TargetHostName],
    ev.[TargetIPV4],
    ev.[TargetIPV6],
    ev.[TargetMAC],
    ev.[TargetUserName],
    ev.[TargetPort],
    ev.[TargetProtocol],
    ev.[TargetProcessName],
    ev.[TargetFileName],
    ev.[ThreatCategory],
    ev.[ThreatEventID],
    ev.[ThreatSeverity],
    ev.[ThreatName],
    ev.[ThreatType],
    ev.[ThreatActionTaken],
    ev.[ThreatHandled],
    ev.[TheTimestamp]
FROM [dbo].[McAfeeEPOEvents] AS ev WITH (NOLOCK);
GO


